This invention relates generally to reducing exposure of computer systems to malicious content.
Software applications may be exploited for malicious purposes. Typically they are used to deploy malware, such as viruses, Trojans, or any other type of spyware. Today's anti-virus programs and other types of protection mostly rely on a pattern or signature of such malware to recognize it and block it. Malware makers have become very good at making the malware change its appearance, hence evading simple pattern recognition. Further, once a pattern is found in a computer, in most cases the damage is already done. Even if further damage can be prevented, often a lot of time is lost in recovering the system and data and bringing it into its pre-attack state, if that is possible. So-called “vulnerabilities” are typically bugs in applications, including browsers that allow such malware to enter a computer system, either through a network connection, through an email or through a manually loaded document or disk, currently in many cases a USB drive. Known vulnerabilities are typically addressed by providing patches to stop exploits from executing and this, among other actions, delivering malware. Although related, an exploit is distinct from malware. An exploit, for example, may be lodged on a legitimate website. The exploit then can affect unsuspecting web visitors and infect them with a malware. Even though manufacturers are sometimes aware of exploits, they can take sometimes weeks or months to release so-called patches or updates to fix those exploits. The general public, as well as targeted governments, firms, and individuals, may be defenseless during those times. If a new pattern is used in the malware, it may remain undetected for days or weeks, potentially creating dramatic losses of data and security information, as well as credentials for accessing other, more secure systems.